PT-2023-24963 · Unknown · Kioware For Windows
Hunter Gregal
+1
·
Published
2023-06-19
·
Updated
2024-12-12
·
CVE-2023-34641
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
KioWare for Windows versions through 8.33
Description
The issue is related to an incomplete blacklist filter for blocked dialog boxes on Windows 10. Attackers can exploit this by opening a file dialog box via the
window.print() function, which can then be used to open an unprivileged command prompt.Recommendations
For versions through 8.33, update to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the use of the
window.print() function until a patch is available.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Kioware For Windows